European Commission – Proposal for a Data Act
The European Commission proposed a Data Act. This act includes e.g. new rules on B2C and B2B data sharing (use, access and portability) and B2G data sharing. Moreover, it also includes provisions relating to cloud switching, interoperability of data spaces and data processing services and the sui generis database right.
What: Legislative proposal
Impactscore: 2
For who: citizens and consumers, IT service providers (especially cloud and SaaS), sector organisations
URL: https://ec.europa.eu/commission/presscorner/detail/en/ip_22_1113
Summary
According to the EC, the proposed Data Act should ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all. It should lead to new, innovative services and more competitive prices for aftermarket services and repairs of connected objects.
It aims to do so through a variety of new rules and obligations which are distributed over 10 substantive chapters.
Chapter 1: General provisions
- In this part the triple goal of the Data Act is laid out: (i) making data generated by the use of a product or related service available to the user of that product or service (ii) making data available by data holders to data recipients, and (iii) making data available by data holders to public sector bodies or Union institutions, agencies or bodies, where there is an exceptional need, for the performance of a task carried out in the public interest.
- It also contains the definitions (e.g. “data” is being understood as “any digital representation of acts, facts or information and any compilation of such acts, facts or information, including in the form of sound, visual or audio-visual recording”) and introduces new notions such as data holder, data recipient, data processing service etc.
Chapter 2: Business To Consumer And Business To Business Data Sharing
- This chapter is especially relevant for IoT-products and other ‘smart’ devices. Such products (and related services) should ensure that the data generated by their use is easily accessible by the user. Such access should either be direct or indirect via an (electronic) access request.
- This access-right is complemented by a usage and a data portability right (i.e. users have a right to transfer their data from provider A to provider B). Data can, however, not be ported to so-called ‘gatekeepers’ under the DMA (e.g. GAFAM). The Data Act specifies additional rules applying to such portability (e.g. obligations on the third party that receives the data). Interestingly, the portability right cannot be used vis-à-vis ‘micro or small enterprises’.
Chapter 3: Obligations for Data Holders Legally Obliged To Make Data Available
- This chapter complements the rules with regard to the abovementioned data portability right, but has a broader scope as it also applies to situations where a data holder has to make data available to data recipient ‘under Union law or national legislation implementing Union law’.
- It states that such making available should be done under ‘fair, reasonable and non-discriminatory terms and in a transparent manner’. This means that an appropriate contractual framework should be in place (see also chapter 4 below), that there should be no discrimination between various data recipients and that data should not be made available on an exclusive basis (unless requested by the user). Applicable compensation should be reasonable and should not exceed the costs (if the data recipient is a micro, small or medium enterprise). The chapter foresees a dispute settlement mechanism in this regard.
- A data holder may apply technical protection measures to prevent unauthorised access to data and to ensure compliance with the applicable statutory and contractual obligations.
Chapter 4: Unfair Terms Related To Data Access And Use Between Enterprises
- This chapter explains which contractual terms should be deemed unfair if unilaterally imposed on a micro, small or medium-sized enterprise. Generally speaking, a contractual term is unfair if it is of such a nature that its use grossly deviates from good commercial practice in data access and use, contrary to good faith and fair dealing. The article then further explains which kind of specific terms will be considered unfair. Its added value may, however, be limited as it appears that some of these unfair clauses are already excluded under general national contract or commercial law, regardless if they were unilaterally imposed or not.
Chapter 5: Making Data Available To Public Sector Bodies And Union Institutions, Agencies Or Bodies Based On Exceptional Need
- This chapter creates a framework in which data holders can be obliged to make data available to a public institution demonstrating an exceptional need to use the data requested.
- Such exceptional need can exist if:
- The data is necessary to respond to a public emergency
- The data is necessary to prevent or to assist in the recovery from a public emergency (and the request is limited in time and scope)
- A lack of data prevents the public institution, agency or body from fulfilling a specific task in the public interest explicitly provided by law.
- Such requests for data by public institutions need to be motivated and contain certain information. Upon receipt of such request, the data holder should comply with it without undue delay. Nonetheless, the holder can decline or try to modify the request on limited grounds.
- Furthermore, the chapter also includes provisions relating to obligations on public institutions, the possibility to ask for compensation by data holders and to cooperate with research organisations or statistical institutes and mutual assistance and cross-border cooperation among public institutions.
Chapter 6: Switching between Data Processing Services
- This chapter imposes the obligation on data processing service providers (e.g. cloud or SaaS-providers) to allow their customers to switch to a different service provider and to remove commercial, technical, contractual and organisational obstacles. Importantly, the rights and obligations of the user and the provider in relation to switching between providers should be clearly set out in a written contract, including certain mandatory provisions.
- Interestingly, the chapter allows providers to impose limited switching charges only during a transition period. After said period, switching should be free of charge.
- Finally the chapter obliges providers e.g. to guarantee functional equivalence or to make APIs publicly available and free of charge.
Chapter 7: International Contexts Non-Personal Data Safeguards
- The essence of this chapter is that providers of data processing services need to take all reasonable technical, legal and organisational measures in order to prevent international transfer of or governmental access to non-personal data held in the EU where such transfer or access would create a conflict with Union law or the national law of the relevant Member State, unless exceptions apply.
Chapter 8: Interoperability
- This chapter contains interoperability obligations targeting the operators of data spaces, data processing services and essential requirements for smart contracts regarding data sharing.
- Moreover, in these contexts the proposal explicitly provides for the possibility of European standardisation organisations drafting harmonized standards or the Commission adopting common specifications.
Chapter 9: Implementation and Enforcement
- Each EU Member State should designate one or more competent authorities that would enforce the Data Act. Member States may establish a new authority or rely on existing authorities. The Data Act also provides a right for users or customers to lodge a complaint with said authority.
Chapter 10: Sui Generis right under directive 1996/9/EC
- The Data Act rules out that databases consisting of machine-generated, sole-source data could enjoy protection under the sui generis database right.